Hot!FG-IR-19-144 more information available?

Author
boneyard
Gold Member
  • Total Posts : 157
  • Scores: 8
  • Reward points: 0
  • Joined: 2014/07/30 11:15:18
  • Status: offline
2019/07/24 23:49:48 (permalink)
0

FG-IR-19-144 more information available?

https://fortiguard.com/psirt/FG-IR-19-144
https://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=FD45293
 
How are people acting on this? Are you upgrading / have already upgraded? How have you upgraded?
 
The advisory is quite vague in explanation of the issue and quite strong in the advise to upgrade NOW in my opinion. If it just involves a failure to properly check revoked certificates then that would mainly affect client cert authentication (yes it affects server certificates but exploits there would involve some man in the middle magic). Which you can easily check if you use it and then don't choose to upgrade. but if it would be just that i can't imagine a advisory of this level.
 
Next to that the interesting line on the manual upgrade. Mentioning TFTP and USB, but not mentioning HTTPS (regular file upload), so is that OK or not. Why would you omit the most common way (next to download from FortiGuard) if it is allowed.
 
PS: I have a ticket with support open, but looking for community input.
#1

4 Replies Related Threads

    gurumul
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/01/30 08:06:51
    • Status: offline
    Re: FG-IR-19-144 more information available? 2019/07/25 08:54:24 (permalink)
    0
    Pretty bad description indeed. Could be OCSP, CRL request ... or updates to FortiGuard Servers ... or ...
     
    How can an administrator decide to upgrade or not based on the provided information?
     
    Thanks for providing us your ticket output.
    #2
    FortiOSman
    Bronze Member
    • Total Posts : 36
    • Scores: 2
    • Reward points: 0
    • Joined: 2016/08/03 10:14:57
    • Status: offline
    Re: FG-IR-19-144 more information available? 2019/07/25 11:39:49 (permalink)
    0
    Bump
    #3
    FortiOSman
    Bronze Member
    • Total Posts : 36
    • Scores: 2
    • Reward points: 0
    • Joined: 2016/08/03 10:14:57
    • Status: offline
    Re: FG-IR-19-144 more information available? 2019/07/25 11:51:29 (permalink)
    0
    It looks like one of their workarounds is the IPS signature, and looking into that sig, they specify revoked Fortinet certificates.  So I would assume as long as you arent using Fortinet certs for anything you should be fine. 
     
    I wont be rushing to upgrade for this. 
     
    https://fortiguard.com/encyclopedia/ips/48207
    #4
    boneyard
    Gold Member
    • Total Posts : 157
    • Scores: 8
    • Reward points: 0
    • Joined: 2014/07/30 11:15:18
    • Status: offline
    Re: FG-IR-19-144 more information available? 2019/07/26 12:04:50 (permalink)
    0
    the whole situation feels kinda weird. critical bulletin, but medium IPS signature.
     
    support did say it only involves Fortinet certificates indeed. they also indicated it mainly revolving about authentication with certificates.
     
    still if that is it, why the critical bulletin, don't get it.
    #5
    Jump to:
    © 2019 APG vNext Commercial Version 5.5